Payment systems have been incorporated into fueling sites in order to allow a customer to pay for fuel and other goods and services (such as fast food or convenience store products) using a credit or debit card. Loyalty or program-specific cards that entitle the customer to a fixed credit or percentage discount or other favorable pricing are also typically accepted.
Such payment systems comprise various input devices, such as card readers and PIN pads, that are configured to accept data necessary to process the payment. The customer may provide certain payment data by swiping a payment card bearing a magnetic stripe through a card reader. Data stored in the magnetic stripe may include a Primary Account Number (PAN), the cardholder's name, a service code, and the card's expiration date. Also, if required to complete the transaction, the customer may enter a personal identification number (PIN) using a PIN pad. The system communicates the data to a remote host system responsible for the customer's account for verification.
Because of the continuing challenges fraud poses to customers, merchants, and banks, among others, payment card companies are requiring more and more security during payment card transactions. For example, organizations that process, store, or transmit payment cardholder data must comply with certain industry standards. Merchants and service providers must demonstrate compliance with the standards on a recurrent basis, a costly and complex process.
One method of processing and transmitting payment cardholder data is known as end-to-end encryption (E2EE). In a typical implementation of E2EE, cardholder data is encrypted at an input device and remains encrypted until it reaches its intended destination (usually, a host computer). Payment cardholder data is never accessible to a merchant in clear-text form as it passes through intermediate system components.
Although use of E2EE provides a high level of security for payment cardholder data, it presents certain problems for merchants. For example, merchants require portions of the payment cardholder data for reconciliation purposes. However, in a system employing E2EE, merchants cannot access the cardholder data after it is encrypted at an input device. Thus, if a customer disputes a transaction, the merchant cannot verify the PAN in order to prove that the transaction occurred. Likewise, the merchant cannot credit a customer's account or manually complete a transaction that was previously declined in error.
Further, industry standards governing payment card transactions typically do not apply to nonsensitive cardholder data from other cards processed on-site or in a private retailer's network, such as data from loyalty or program-specific cards. However, in an E2EE system, this data is encrypted at the input device along with payment cardholder data. Thus, for example, the merchant cannot access loyalty card data in order to give the customer credit for a transaction.